tui.image-editor

Vulnerable dependencies found in latest version

Open sakshibatra16 opened this issue 8 months ago • 0 comments

Describe the bug

The package is using old versions of child dependencies, which have vulnerabilities of very high severity. One of the packages is tough-cookie, whose version used is V3.0.1, which is vulnerable, and the minimum version it needs to be upgraded to is V4.1.3.

To Reproduce

Steps to reproduce the behavior:

  1. Install the npm package
  2. Observe the package-lock.json file with the child dependencies.
  3. Getting vulnerable versions of child dependencies.

Expected behavior

Latest or package with no vulnerability should be used.

Screenshots

Vulnerability

Additional context

We have been using this package for a long time. Due to this vulnerability in this package, we have to remove this package and find an alternative if this issue is not fixed.

sakshibatra16 · Jun 04 '24 11:06